Worms
• program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines
• exploits software vulnerabilities in client or server programs
• can use network connections to spread from system to system
• spreads through shared media (USB drives, CD, DVD data disks)
• e-mail worms spread in macro or script code included in attachments and instant messenger file transfers
• upon activation the worm may replicate and propagate again
• usually carries some form of payload
• first known implementation was done in Xerox Palo Alto Labs in the early 1980s

Worm Replication
• electronic mail or instant messenger facility
  – worm e-mails a copy of itself to other systems
  – sends itself as an attachment via an instant message service
• file sharing
  – creates a copy of itself or infects a file as a virus on removable media
• remote execution capability
  – worm executes a copy of itself on another system
• remote file access or transfer capability
  – worm uses a remote file access or transfer service to copy itself from one system to the other
• remote login capability
  – worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other
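
A detection-side illustration of the "launching pad" behaviour described above, as an added example that is not from the original slides: it flags hosts that receive a connection on a port and shortly afterwards connect to several other hosts on that same port. The flow tuple format, the thresholds, the allowlist parameter and the name find_relay_hosts are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (epoch_seconds, src, dst, dst_port)
SAMPLE_FLOWS = [
    (100, "10.0.0.5", "10.0.0.9", 79),    # .5 connects to .9
    (105, "10.0.0.9", "10.0.0.20", 79),   # .9 fans out on the same port
    (106, "10.0.0.9", "10.0.0.21", 79),
    (107, "10.0.0.9", "10.0.0.22", 79),
    (110, "10.0.0.7", "10.0.0.30", 443),  # ordinary client, single destination
    (111, "10.0.0.21", "10.0.0.40", 79),  # .21 repeats the pattern one hop later
    (112, "10.0.0.21", "10.0.0.41", 79),
    (113, "10.0.0.21", "10.0.0.42", 79),
    (500, "10.0.0.30", "10.0.0.50", 443), # fan-out long after the inbound flow
    (501, "10.0.0.30", "10.0.0.51", 443),
    (502, "10.0.0.30", "10.0.0.52", 443),
]

def find_relay_hosts(flows, window=60, fanout=3, allowlist=()):
    """Flag (host, port) pairs that were contacted on `port` and, within
    `window` seconds, contacted at least `fanout` distinct hosts on it.
    `allowlist` holds hosts that legitimately relay (e.g. mail servers)."""
    inbound = {}                # (host, port) -> (time, peer) of latest inbound flow
    targets = defaultdict(set)  # (host, port) -> hosts contacted inside the window
    parent = {}                 # (host, port) -> peer whose connection came first
    for ts, src, dst, port in sorted(flows):
        seen = inbound.get((src, port))
        if seen and src not in allowlist and ts - seen[0] <= window:
            targets[(src, port)].add(dst)
            parent.setdefault((src, port), seen[1])
        inbound[(dst, port)] = (ts, src)
    return {
        key: {"contacted_by": parent[key], "targets": sorted(hosts)}
        for key, hosts in targets.items()
        if len(hosts) >= fanout
    }

if __name__ == "__main__":
    for (host, port), info in find_relay_hosts(SAMPLE_FLOWS).items():
        print(f"{host} port {port}: contacted by {info['contacted_by']}, "
              f"then reached {', '.join(info['targets'])}")
```

The `contacted_by` field links each flagged host to the peer that reached it first, which gives responders the order in which machines were hit.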


Morris Worm
• earliest significant worm infection
• released by Robert Morris in 1988
• designed to spread on UNIX systems
  – attempted to crack local password file to use login/password to logon to other systems
  – exploited a bug in the finger protocol which reports the whereabouts of a remote user
  – exploited a trapdoor in the debug option of the remote process that receives and sends mail
• successful attacks achieved communication with the operating system command interpreter
  – sent interpreter a bootstrap program to copy worm over
